Zoom has unveiled two-factor authentication (2FA) for all user accounts, to make it easier to prevent “zoombombing” and other security breaches. Once enabled, the system will require users to enter a one-time code from a mobile authenticator app, SMS or phone call. That in turn will block potential attackers from taking control of accounts using stolen or recycled credentials, as they’d also need to have control of your mobile device.
2FA is available for Zoom’s web portal, desktop client, mobile app and the Zoom Room. It supports the time-based one-time password (TOTP) protocal, so it works with apps like Google Authenticator, Microsoft Authenticator and FreeOTP. The company also supports various authentication methods including SAML, OAuth and password-based authentication.
Earlier this year, Zoom courted controversy by offering end-to-end video call encryption to paid users only, but it eventually relented and released the feature to everyone. This time, Zoom launched 2FA to all users at once, but setting it up is a slightly different procedure depending on whether you’re a business admin or individual user. For a detailed guide, check out Zoom’s 2FA help center guide.